Posted by Geraldine Hunt on Mon, Mar 15th, 2021
Email phishing scams are carried out online by tech-savvy scammers and identity theft criminals. They use spam emails, fake websites and fraudulent messages to dupe users into providing sensitive information, like banking passwords and credit card numbers. Once you take the phisher's bait, they use this information to create fake accounts to steal your money or even your identity. For businesses, phishing scams can lead to data breaches that result in the loss of confidential business data and customer information. It has cost some companies millions. The Scoular Co. lost $17.2 million in June 2014 as a result of phishing. Even large companies with extensive resources can be successfully targeted by phishers. In May 2017 DocuSign, the digital signature technology provider, was targeted. A hacker gained access to a ‘non-core’ system that was used to send communications to users via email and stole users’ email addresses. It is unclear exactly how many email addresses were stolen; the DocuSign website indicates the firm has more than 200 million users.
Prevent phishing attacks today - Book a SpamTitan email protection solution demo for free
Free Demo
Here are some tell-tale signs of a phishing email:
1. Without opening the email, look at the name of the sender. Does it EXACTLY match other emails from the same party? If not, it could be packing malware.
2. You are asked to reply with confidential data - A legitimate business will not ask you to furnish your username and/or password or to click a link to change your password. If an email requests banking information, be suspicious. Don’t fall for it.
3. You are offered something valuable at little or no cost – The Nigerian prince comes to mind. Or you have won some sweepstakes that you never entered. Remember that even if you know the sender, the sender’s address book could have been hijacked and used to disseminate phishing emails.
4. The email threatens you with dire consequences if you do not comply:
- “Your computer has a virus” – This is a trick in email and website pop-up advertisements. You are asked to download a “security package” to combat the virus. Unfortunately, rogue security programs are one of the most common sources of malware infection. Ignore warnings about malware from any source except your verified antimalware program.
- The email asks for “urgent” or “immediate” action, particularly involving financial transactions – This is how The Scoular Co. lost $17.2 million. Confirm any such requests by telephone or, better yet, in person. Check with managers at your company before clicking on or replying to such emails.
5. The email purports to be a "Confidential" or "Private" request. – The sender is trying to keep you from verifying the email with another party. Don’t believe it.
6. An email contains an attachment that purports to be an order confirmation or receipt – This approach is also used for supposed package shipment documents. Think: have you ordered anything from that company? If so, do past emails have the same format and look? It is better in general to access information on an official website than to click links in an email or download an email attachment. In most cases it is possible to go to an official website to verify the email contents and get further information.
7. The email has an attachment with a non-standard document extension - Attachments are a major source of infection. Standard document extensions for Microsoft Office end in .docx, .xlsx, or .pptx; these should be OK. But if the extension ends in “m” (for macro), the document contains embedded code that may execute when you open it. Any Adobe Reader .pdf or .zip archive can contain malicious website links or malicious JavaScript files that could unleash a malware infection. The best advice is to check with the sender before downloading an attachment.
8. Is it tax season? - During tax season there is a bump in spear phishing and telephone scams by “tax authorities” requesting financial information or providing tax “receipts” that are malware in disguise. Since January, at least 68 US companies have announced that they fell victim to a spear phishing attack responsible for stealing the W-2 U.S. tax records of their workers. One or more employees receive an email appearing to be from the CEO with subject lines such as: “Request for all employees’ W2.” If the employee falls for the scam, the attacker attempts to file tax returns for all workers before the workers do. Then the attacker steals the victims’ tax refunds.
9. The sender’s email address does not seem to match the contents - Does it make sense that an email from UPS would come from an address such as j.shi@jung.com? Probably not. How about from no.reply@up.s.com? Notice the periods. This is not from UPS, it is from up.s. The "from" address in an email can be faked. Do not assume that an email is legitimate just because it comes from a known address.
10. The wording of the email is awkward. – Does the content appear to be proper English (or whatever language it should be)? Check the tone and grammar. Does the email sound like it was translated from a foreign language? Then it could come from a non-native hacker.
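Several of the signs above (the sender domain not matching the brand in the display name, macro-enabled attachments, requests for credentials, and pressure to act immediately) can be checked mechanically before a message reaches a user. The following Python script is an added example written for this article, not code from the original post or from the SpamTitan product; the brand-to-domain mapping passed in by the caller and the sample message it scores are both constructed for demonstration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Macro-enabled Office extensions end in "m" (sign 7 above).
MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".dotm", ".xltm", ".potm")
URGENCY_TERMS = ("urgent", "immediate", "within 24 hours")
CREDENTIAL_TERMS = ("password", "username", "bank account", "verify your account")

def check_email(raw_message: str, brand_domains: dict) -> list:
    """Return the tell-tale signs found in one RFC 5322 message.
    brand_domains maps a brand name as it may appear in the display name
    (e.g. "ups") to the domain genuine mail from that brand comes from."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Sign 9: the display name claims a brand, but the address domain differs.
    display_name, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    for brand, real_domain in brand_domains.items():
        if brand in display_name.lower() and domain != real_domain:
            findings.append(f"sender domain {domain} does not match {real_domain}")

    # Sign 7: attachments whose extension marks them as macro-enabled.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTENSIONS):
            findings.append(f"macro-enabled attachment {name}")

    # Signs 2 and 4: requests for credentials and pressure to act at once.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    if any(term in text for term in CREDENTIAL_TERMS):
        findings.append("asks for confidential data")
    if any(term in text for term in URGENCY_TERMS):
        findings.append("demands urgent action")
    return findings

def sample_message() -> str:
    """Constructed phishing-style sample for demonstration; not a real message."""
    m = EmailMessage()
    m["From"] = "UPS Delivery <no.reply@up.s.com>"
    m["To"] = "recipient@example.com"
    m["Subject"] = "Delivery failed: immediate action required"
    m.set_content("Confirm your password within 24 hours to release the parcel.")
    m.add_attachment(b"placeholder bytes, not a real document", maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12", filename="Invoice.docm")
    return m.as_string()
```

Running `check_email(sample_message(), {"ups": "ups.com"})` reports all four signs for the constructed message, while a plain shipping notice from the genuine domain with no attachment yields an empty list.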
What do I do if the email is suspicious?
If the message is suspicious, there are some steps you can take:
- Do not click on any links in the email.
- Hover your mouse over any links in the email. If you know what the real links should be, such as for a frequent customer or vendor, compare the real link to the link in the email.
- Google any companies, individuals, addresses, and phone numbers in the message. Look at more than the official company website; fake websites can be set up quickly.
- Do not use “reply” to answer a suspicious email from a known entity. Instead, create a new email and use the address in your address book, not from the received message.
- Tell other people in your company about the phishing email you received. Knowledge is power!
- What is the easiest way to check if an email represents phishing? Use another communication method such as the telephone or snail mail. But do not use the address or telephone numbers in the email. Google the real company website or obtain the real phone number from online white pages or yellow pages. Otherwise, you could be contacting the phishers!
While phishing techniques are getting more sophisticated, there are lots of things users can do to avoid being phished. IT pros need to ensure their organization deploys a powerful spam filter that scans inbound and outbound email and provides RBL blocking and pattern filtering. Spam filters vary in effectiveness and are only part of the solution to preventing intentionally malicious attacks, especially phishing emails.
Are you an IT professional who wants to ensure your data and devices are protected? Talk to a specialist or email us at info@titanhq.com with any questions.